This is an update to the following security notification: On Sat, 6 Apr 2002, Brent J. Nordquist <bjn@horde.org> wrote: > The Horde team announces the availability of IMP 2.2.8, which prevents > some potential cross-site scripting (CSS) attacks. > [...] > The Horde Project would like to thank Nuno Loureiro <nuno@eth.pt> > for discovering this problem and providing a very thorough analysis. Sites using IMP 3.0 should note that IMP 3.0 is also vulnerable to these attacks, but IMP 3.1 (final released this week) is not. Therefore, IMP 3.0 users are encouraged to upgrade to IMP 3.1 to prevent these potential attacks. IMP 3.1 can be downloaded from the following location (Horde 2.0 does not need to be upgraded; it will work with IMP 3.1): ftp://ftp.horde.org/pub/imp/ MD5 checksums: MD5 (imp-3.1.tar.gz) = 73ff42a32e3ee3617fd411be356cb70f MD5 (patch-imp-3.0-3.1.gz) = a7c9330ab1df2cd727c4aeb858138821 -- Brent J. Nordquist <bjn@horde.org> N0BJN Other contact information: http://www.nordist.net/contact.html
